Software Development Security Flashcards
Scanner
A program that identifies known viruses and removes the viruses or repairs infected objects.
Heuristic Scanner
A program that intelligently analyzes unknown code to identify suspicious commands and code sections
Activity Monitor
A program that monitors systems and programs for suspicious activity.
Change detection software
A program that stores baseline system information and then periodically checks for suspicious changes from the baseline values.
What are 2 countermeasures for a brute force attack?
Implement strict access controls
keep password length to a minimum of 8 characters
Code that a specific event triggers and that destroys data stored on a system’s hard disk
logic bomb
Code that may simultaneously attack the boot sector and the executable files of a system
virus
Code embedded in a program and often used to promote backdoor attacks to access system resources
trojan
Rapidly replicating code that takes control of a system consuming vital network resources
worm
What is the purpose of software forensics in protecting system and data security?
To analyze code for characteristics of authorship and intent, which can be used as evidence against attackers and to minimize damage in future attacks.
What characteristics of current software development make information security difficult?
Complexity of modern applications
increased sharing of code and other resources
Low level languages
first and second generation languages
High level languages
third through fifth generation
When programming with high level languages, which factors can contribute to security weaknesses?
Automatic memory allocation and deallocation
A security management system with limited options
Define hackers
individuals or organizations who attempt to gain unauthorized access to information systems and network resources
Define crackers
individuals or organizations who break into computer systems by breaching security. Often a cracker's motive is altruistic.
What are the 6 types of DoS attacks?
smurf and fraggle
SYN flood
teardrop
distributed DoS
DNS DoS
cache poisoning
Define smurf attack
sends ICMP packets to multiple computers, which in turn all reply to a single target computer
Define fraggle attack
smurf attack which uses UDP instead of ICMP
Defenses against smurf and fraggle attacks
set up a firewall to block all broadcast and ICMP messages
configure all computers to drop ICMP messages
turn off the directed broadcast capability of the router
implement an IDS
Install latest patches
Define SYN flood attack
Waged by not sending the final ACK message
Defenses against a SYN flood attack
set up a firewall to limit the number of connection requests
implement an IDS
use SYN cookies to avoid the allocation of resources to half opened connections
install latest patches
Define teardrop attack
exploits a bug in the OS routine that reassembles fragmented packets
Defenses against teardrop attack
merge all fragmented packets into a full packet before routing them to the target system
Implement IDS to detect fragmented packets
Defenses against DDoS attack
Scan the computers to identify if the attack software is installed
Access the log files on the systems where the client attack software is installed to determine the location of the attacker
disable unused services on systems
install a firewall and IDS
Define DNS DoS
Attacker changes the IP address of a host record so that it points to a malicious host
Defenses against DNS DoS
Implement a secure DNS
Update DNS version
Configure DNS servers for internal and external public records
Define cache poisoning
Attacker can't update the DNS record itself, so false data is entered into the DNS cache instead
Defenses against cache poisoning
configure DNS servers
Use DNS Security Extensions (DNSSEC)
Use HTTPS to validate the server certificate
Defenses against brute force attacks
Keep the password length to a min of 8 characters
lock the account after a specified number of unsuccessful attempts
implement strict access controls to reduce the occurrence of such attacks
Defenses against dictionary attacks
use one-time password authentication
Use a password policy to enforce password rotation and hard to guess passwords
use cracking tools to identify weak passwords
implement an IDS
Defenses against spoofing attacks
configure the firewall to discard packets that contain private addressing
avoid using reserved IP addresses
use egress and ingress filtering
Implement an IPS
Defense against a buffer overflow attack
use bounds checking in program code to check the length of input variables
Install latest updates
Define between the lines entry attack
An attacker taps the temporarily inactive terminal of a legitimate user in an unauthorized manner.
Define NAK negative acknowledgement attacks
an attacker capitalizes on an operating system’s failure to suitably handle NAK packets.
Define line disconnect attacks
An attacker accesses and uses the communication line of a user who is trying to terminate his communication session.
Define pseudo-flaw attacks
loopholes developers insert to trap attackers and track the source of an attack.
Define TOC/TOU attack
Time of Check
Time of Use
attack occurs when a program checks access permissions in advance of a resource request, and conditions change between the check and the use
Covert channel
a communication path that allows a process to transmit information in a way that violates system policy
File infector virus
attacks .exe and .com files
boot sector virus
attacks boot sector
multipartite
multi-part virus combines executable and boot sector viruses
script virus
written using script languages
encrypted virus
consists of a decryption routine and an encrypted virus body
macro virus
attacks documents
polymorphic virus
consists of a virus body, a decryption routine, and a mutation engine
companion virus
spawning virus that creates a file of the same name in the same directory but with a different extension; the virus file uses an extension the system will execute first
Virus defenses
Anti-virus software
IDS
Don’t open unidentified email attachments
For which reasons is software forensics valuable for protecting information security?
It can help identify the authors of malicious code
The information it provides can be used to strengthen protection against future attacks
It can help prove intellectual ownership and assist in the recovery of lost source code.
Object Linking and Embedding
Links data objects into or from multiple files or sources on a computer and segregates data into interoperable components
eXtensible Markup Language
Displays the data in a standard format independently of the database or application.